Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@ethereum-attestation-service/contracts
Advanced tools
The Ethereum Attestation Service is a free and open protocol for on-chain attestations on EVM compatible blockchains. It is a generalized service that allows anyone to register a schema for their particular use case, and then make attestations following their schema.
Schemas can be registered using the SchemaRegistry.sol
contract, and attestations are made using the EAS.sol
contract.
In addition, we provide a resolver contract for advanced use cases, such as on-chain verification of attestation data, and also attaching payments to attestations (which makes a new suite of powerful web3 applications possible).
We also provide an SDK for developers.
On-chain attestations will enable a powerful new range of web3 applications, including:
yarn install @ethereum-attestation-service/contracts
Testing the protocol is possible via multiple approaches:
You can run the full test suite via:
yarn test
You can test new deployments (and the health of the network) against a mainnet fork via:
yarn test:deploy
Please make sure to properly configure your Tenderly settings via .env
.
This will automatically be skipped on an already deployed and configured deployment scripts and will only test the additional changeset resulting by running any new/pending deployment scripts and perform an e2e test against the up to date state. This is especially useful to verify that any future deployments and upgrades, suggested by the DAO, work correctly and preserve the integrity of the system.
------------------------------|----------|----------|----------|----------|----------------|
File | % Stmts | % Branch | % Funcs | % Lines |Uncovered Lines |
------------------------------|----------|----------|----------|----------|----------------|
contracts/ | 100 | 100 | 100 | 100 | |
EAS.sol | 100 | 100 | 100 | 100 | |
EIP712Verifier.sol | 100 | 100 | 100 | 100 | |
IEAS.sol | 100 | 100 | 100 | 100 | |
IEIP712Verifier.sol | 100 | 100 | 100 | 100 | |
ISchemaRegistry.sol | 100 | 100 | 100 | 100 | |
SchemaRegistry.sol | 100 | 100 | 100 | 100 | |
Types.sol | 100 | 100 | 100 | 100 | |
contracts/resolver/ | 100 | 100 | 100 | 100 | |
ISchemaResolver.sol | 100 | 100 | 100 | 100 | |
SchemaResolver.sol | 100 | 100 | 100 | 100 | |
contracts/resolver/examples/ | 100 | 100 | 100 | 100 | |
AttestationResolver.sol | 100 | 100 | 100 | 100 | |
AttesterResolver.sol | 100 | 100 | 100 | 100 | |
DataResolver.sol | 100 | 100 | 100 | 100 | |
ExpirationTimeResolver.sol | 100 | 100 | 100 | 100 | |
PayingResolver.sol | 100 | 100 | 100 | 100 | |
RecipientResolver.sol | 100 | 100 | 100 | 100 | |
RevocationResolver.sol | 100 | 100 | 100 | 100 | |
TokenResolver.sol | 100 | 100 | 100 | 100 | |
ValueResolver.sol | 100 | 100 | 100 | 100 | |
------------------------------|----------|----------|----------|----------|----------------|
All files | 100 | 100 | 100 | 100 | |
------------------------------|----------|----------|----------|----------|----------------|
In order to audit the test coverage of the full test suite, run:
yarn test:coverage
You can profile the gas costs of all of the user-focused flows via:
yarn test:profile
The contracts have built-in support for deployments on different chains and mainnet forks. You can deploy the project by:
yarn deploy
There’s also a special deployment mode which deploys the protocol to a mainnet fork, with additional goodies. It can be run via:
yarn deploy:fork
The framework was inspired and adopted from Bancor V3.
EAS is open source and distributed under the MIT License (see LICENSE
).
FAQs
Ethereum Attestation Service
The npm package @ethereum-attestation-service/contracts receives a total of 0 weekly downloads. As such, @ethereum-attestation-service/contracts popularity was classified as not popular.
We found that @ethereum-attestation-service/contracts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.